VYPR
Unrated severityNVD Advisory· Published Jul 18, 2006· Updated Jun 16, 2026

CVE-2006-3608

CVE-2006-3608

Description

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Flatnuke/Flatnuke11 versions
    cpe:2.3:a:flatnuke:flatnuke:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:flatnuke:flatnuke:*:*:*:*:*:*:*:*range: <=2.5.7
    • cpe:2.3:a:flatnuke:flatnuke:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:2.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*
  • Range: <=2.5.7

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.